IDA Processor Module for the Ethereum Virtual Machine (EVM)
License: Apache License 2.0
IDA Processor Module for the Ethereum Virtual Machine (EVM).
This plugin is under active development. New issues and contributions are welcome, and are covered by bounties from Trail of Bits. Join us in #ethereum on the Empire Hacking Slack to discuss Ethereum security tool development.
IDA Pro 7.0 or newer is required to use IDA-EVM.
evm-loader.py to %IDA%/loadersevm-cpu.py and known_hashes.py to %IDA%/procs
I've used the origin ida-evm to analyze some of the contracts uploaded on etherscan.io, for example, https://etherscan.io/address/0x029af1f2c753c458c1e7fa04428e78cbe2eb09a7#code
I got the deployed bytecode with the prefix โ0xโ and the file extention is ".bytecode". Just change the file extention of file below
0x029af1f2c753c458c1e7fa04428e78cbe2eb09a7.txt
When I analyzed it, I got some functions and details in the functions, but when I compared those details to the source code, the details of the IDA analysis were incomplete. For this example, I opened the isContractMiniGame() function, and the contents of the 0xba9 address and 0x305 address are still part of the function, but IDA is not parsing them out. Hopefully updates can be made.
I have copied files into %IDA% dirs and it jumps a error: IDAPython: importing "site" failed And my bytecode parse failed. Could anyone tell me how to solve this problem?
Hello Sir!
Just copied and pasted the py files on the folders
and
And when loading a example contract am getting a error
here the example contract am using:
0x0786b701Fef3bf2676556f5128cF7429ee53a9ef.evm
and inside this file i just pasted the following hex code:
0x606060405236156100885763ffffffff60e060020a600035041663146901db81146100ee5780631e0018d6146101005780633ccfd60b1461012c57806364ae44511461013e57806373ad468a14610168578063773041ce1461018a5780638da5cb5b146101a8578063c19d93fb146101d4578063ec8ac4d814610208578063f2fde38b14610226575b6100ec5b60025430600160a060020a03163111156100a65760006000fd5b60408051348152600160a060020a033316602082015281517f33e36c5037a4834b94e805648de1a58578badec436cfbd0679b82ca91603f40d929181900390910190a15b565b005b34156100f657fe5b6100ec610244565b005b341561010857fe5b6101106102a2565b60408051600160a060020a039092168252519081900360200190f35b341561013457fe5b6100ec6102b1565b005b341561014657fe5b61015460ff60043516610365565b604080519115158252519081900360200190f35b341561017057fe5b61017861038d565b60408051918252519081900360200190f35b341561019257fe5b6100ec600160a060020a0360043516610393565b005b34156101b057fe5b610110610417565b60408051600160a060020a039092168252519081900360200190f35b34156101dc57fe5b6101e4610426565b604051808260028111156101f457fe5b60ff16815260200191505060405180910390f35b341561021057fe5b6100ec600160a060020a036004351661042f565b005b341561022e57fe5b6100ec600160a060020a0360043516610513565b005b60005433600160a060020a039081169116146102605760006000fd5b600380546002919060ff19166001835b02179055506040517f1b0ba14d0d88ac936babe67c6ed402959bc2a548d8521436f4f27a29be3f619a90600090a15b5b565b600154600160a060020a031681565b6000805433600160a060020a039081169116146102ce5760006000fd5b6001805b60035460ff1660028111156102e357fe5b14156102ef5760006000fd5b600154604051600160a060020a03308116319450919091169083156108fc029084906000818181858888f19350505050151561032b5760006000fd5b6040805183815290517fca4bd5135a11e3fc146ac22d75f0d2eae9b6c61b6fa3eb6724a456b311ad72d39181900360200190a15b5b505b50565b600081600281111561037357fe5b60035460ff16600281111561038457fe5b1490505b919050565b60025481565b60005433600160a060020a039081169116146103af5760006000fd5b60015460408051600160a060020a039283168152918316602083015280517fc204b28865760f18aa0ef147ee25573d2dba9f208385c8aa65fb79150978fb6d9281900390910190a160018054600160a060020a031916600160a060020a0383161790555b5b50565b600054600160a060020a031681565b60035460ff1681565b6000805433600160a060020a0390811691161461044c5760006000fd5b61046230600160a060020a03163160025461055f565b6001546040805160e360020a631d91589b028152600160a060020a03928316600482015290519293509084169163ec8ac4d8918491602480830192600092919082900301818588803b15156104b357fe5b6125ee5a03f115156104c157fe5b5050600380546001935090915060ff191682805b02179055506040805182815290517f9237e61b939e9e5141705f9a758c9804d596ad248ce04d74983b3b76b27a61569181900360200190a15b5b5050565b60005433600160a060020a0390811691161461052f5760006000fd5b600160a060020a038116156103625760008054600160a060020a031916600160a060020a0383161790555b5b5b50565b600081831061056e5781610570565b825b90505b929150505600a165627a7a72305820037ab0f723c495390cc346235cd357a14daefc89854fb67f1ca558a5f8a537c90029
if i push ok and ok, does not load the contract correctly
and
and then
can't select the py file
Any hints?
thanks
this is what i was expecting to see instead:
am using Windows 10
and python 3.9
Thanks! And amazing repo! View more images
๐๐
seems like python version below to 3.0
Can maintainer fix this problem?
Currently ida-evm only support jump dst addr resolving when the Direct Previous Instruction of jump is PUSH2.
Chances are there might be other instructions right before JUMP(i), and analyzing it by hands & head can be quite annoying.
Especially in CTF puzzles :P
So I wrote an enhanced version (though the code is pretty ugly): https://github.com/xhyumiracle/ida-evm-enhanced
Basically, it acts like this:
Would love to know how you guys think about this, like, whether a pr is necessary or not.
ida-evm failed to analyze evm bytecode as bleow:
6060604052361561004a576000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063a035b1fe1461028a578063cb4774c4146102b0575b6102885b6000600060006000734e6a1c57cdbfd97e8efe831f8f4418b1f2a09e6e9350736090a6e47849629b7245dfa1ca21d94cd15878ef9250829150601460015481151561009557fe5b0490508373ffffffffffffffffffffffffffffffffffffffff166108fc829081150290604051809050600060405180830381858888f1935050505015156100d857fe5b600260009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff166108fc82600154039081150290604051809050600060405180830381858888f19350505050151561013e57fe5b8173ffffffffffffffffffffffffffffffffffffffff166379ce9fac600060405180828054600181600116156101000203166002900480156101b75780601f106101955761010080835404028352918201916101b7565b820191906000526020600020905b8154815290600101906020018083116101a3575b50509150506040518091039020600260009054906101000a900473ffffffffffffffffffffffffffffffffffffffff166040518363ffffffff167c01000000000000000000000000000000000000000000000000000000000281526004018083600019166000191681526020018273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200192505050600060405180830381600087803b151561027057fe5b6102c65a03f1151561027e57fe5b5050505b50505050565b005b341561029257fe5b61029a610349565b6040518082815260200191505060405180910390f35b34156102b857fe5b6102c061034f565b604051808060200182810382528381815181526020019150805190602001908083836000831461030f575b80518252602083111561030f576020820191506020810190506020830392506102eb565b505050905090810190601f16801561033b5780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b60015481565b60008054600181600116156101000203166002900480601f0160208091040260200160405190810160405280929190818152602001828054600181600116156101000203166002900480156103e55780601f106103ba576101008083540402835291602001916103e5565b820191906000526020600020905b8154815290600101906020018083116103c857829003601f168201915b5050505050815600a165627a7a72305820672c8a53b31689c05614491e5352dd3b781f31d1f370067a5f65c109a4bd2f180029
when loaded , ida-evm only get a single big block.
Hi:
I have followed the instruction to install the IDA Pro and copy the .py files into specified directory. But the following error occurs when I start the IDA Pro:
Traceback (most recent call last):
File "/home/zhutong/IDA_Pro_v6.4_(Linux)and_Hex-Rays_Decompiler(ARM)/loaders/evm-loader.py", line 8, in accept_file
if filename.endswith('.evm') or filename.endswith('.bytecode'):
AttributeError: 'long' object has no attribute 'endswith'
I will appreciate it if you can help me.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.